Do not impose an unauthenticated command limit when auth is optional

Proposed as a fix to nodemailer#161
immjs · Oct 24, 2023 · 72db181 · 72db181
1 parent ce14fcc
commit 72db181
Showing 1 changed file with 1 addition and 1 deletion.
diff --git a/lib/smtp-connection.js b/lib/smtp-connection.js
@@ -496,7 +496,7 @@ class SMTPConnection extends EventEmitter {
         }
 
         // block users that try to fiddle around without logging in
-        if (!this.session.user && this._isSupported('AUTH') && commandName !== 'AUTH' && this._maxAllowedUnauthenticatedCommands !== false) {
+        if (!this.session.user && this._isSupported('AUTH') && !this._server.options.authOptional && commandName !== 'AUTH' && this._maxAllowedUnauthenticatedCommands !== false) {
             this._unauthenticatedCommands++;
             if (this._unauthenticatedCommands >= this._maxAllowedUnauthenticatedCommands) {
                 return this.send(421, 'Error: too many unauthenticated commands');